Solving fraud in banking with trusted digital identities while improving customer convenience
By Roland Fournier, Senior Director, Product & Solutions with HID Global
Banks are seeing growing demand for a more convenient customer experience, across all channels. This is a tall order. Any increase in convenience must be balanced with an increase in security. Biometrics have long provided a reliable means to establish authentication of a true identity. With the latest advances in face recognition, in particular, the technology now enables a premium customer experience while also increasing security across all bank systems and service channels.
Creating trusted interactions
The banking landscape is a patchwork of technology systems, separately assembled and deployed, often by different organizations within each institution. This creates a fragmented experience that frustrates bank customers wanting a simple and trustworthy transaction environment. It also creates many new opportunities for hack attacks and data breaches.
The answer is an integrated multi-channel identity and access platform that improves the user experience, enables mutual trust, meets compliance requirements, reduces complexity, and lowers the total cost of ownership. Biometric authentication plays a critical role in delivering trusted identities for these platforms. Only biometrics can directly confirm a person’s true identity. Biometrics provide the means to unambiguously validate an identity claim, and can achieve this while eliminating the cost, complexity, and vulnerabilities of other identity authentication methods.
How biometrics help reduce fraud in banking
There are two key ways to use biometrics: a) as an authentication factor; and b) to prove people’s claims of “true” identity. It is important to know the difference.
Using biometrics as an authentication factor
Biometrics are effective authentication factors because they are unique to each individual. When people scan their faces to access their smartphones, they are proving they are the ones that match the enrolled template.
When biometrics is used as an authentication factor, it provides a convenient way to perform “card not present” (CNP) transactions both online and at a bank branch. Consider the example of biometrically-enabled smartphones. Today, people can take a selfie and bind their smartphone to their face with a credit card and a billing address. This mobile device can then be associated with the bank’s and other financial accounts, all tied with the captured face biometric.
The challenge with this smartphone scenario, though, is that the face biometric was not used to verify a claim of true identity – it was simply used as a credential to replace a PIN or password on the device. While more convenient, this transaction is less trustworthy than an in-person transaction with a card. To eliminate fraud, there must be an unbroken chain of trust for transactions that is based on verifying a claim of true identity. This prevents someone from using identity fraudulently.
Using biometrics to prove a claim of “true identity”
Using biometrics to assert true identity solves this problem. Biometrically matching one’s face to the photo image on a government-issued credential such as a passport or driver’s license proves that the identity represented on that document belongs to the person presenting it.
Advances in mobile biometrics have given rise to remote electronic know your customer (eKYC) solutions. With these solutions, bank customers simply use their smartphones to take a picture of the government-issued ID and a selfie. Document-reading software verifies the ID, while biometric matching compares the selfie to the photo image of the document. Advanced liveness detection and anti-counterfeiting measures ensure the software isn’t being tricked into a false positive.
The result is a representation of true identity that delivers a high level of trust in a manner that is very resistant to identity fraud and theft and can be referenced for subsequent transactions. This increasingly popular approach eliminates identity theft and fraud, but like any trust chain, this approach is only as secure as its weakest link. It is critical that banks shift their attention from weak authentication factors like PINs and passwords to a focus on the viable ecosystems that can now support the establishment and proof of true identity.
Banks also must protect customer privacy. Biometric solutions improve privacy, but banks must also protect all biometric templates and identity data.
Biometric data must be anonymized and only used for the application when the user selects the option for capturing their biometric template. There should also be prohibitions against sharing data, and all transactions, photographs, biometric data, and other personal information should be encrypted and stored in a separate section of the operator’s network. Adding end-to-end encryption reinforces the already strong privacy protection of using a biometric in multi-factor authentication. Mobile-based access solutions should also use document scanning technology to read and validate whether a government-issued ID is real or not. Implementing these and other measures will protect privacy while enabling faster and more seamless and secure access experiences.
A better way to bank
To fully realize the benefits of biometrics, there must be a chain of trust based on an integrated platform capable of recognizing true identities from establishment through authentication. The customer banking experience can be further improved while increasing trust and lowering costs by using mobile-relevant, multichannel-capable identity and access management approaches that are secured, end-to-end, and easy to buy and to deploy.
With this foundation, banks can empower users to bank wherever, whenever, and however they want, using a combination of biometrics, multi-factor authentication with mobile certificates, document authentication and deep learning. These and other technologies work together to create an environment in which there is no requirement for bank customers to do anything other than present themselves for their transactions, whether on a mobile phone, at the bank or ATM, or online.
About the author
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.